How to Decode a JWT Token Without a Library (Any Language)
Published April 2025 · 5 min read
A JWT is just three Base64-encoded strings separated by dots. You don't need a library to read it.
JWT Structure
header.payload.signature
eyJhbGci...eyJzdWIi...SflKxwRJ...JavaScript (3 Lines)
const token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.xxx";
const payload = JSON.parse(atob(token.split('.')[1]));
console.log(payload); // {sub: "1234"}Python (3 Lines)
import base64, json
token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.xxx"
payload = json.loads(base64.b64decode(token.split('.')[1] + '=='))
print(payload)Command Line (bash)
echo "eyJzdWIiOiIxMjM0In0" | base64 -dImportant: Decoding ≠ Verifying
Decoding just reads the payload. It does NOT verify the signature. Never trust decoded JWT data without verifying the signature server-side.
Quick Decode
Use our JWT Decoder to instantly decode any token.